Pileus Git - ~andy/fetchmail/log
Matthias Andree [Wed, 5 Sep 2012 01:06:26 +0000 (03:06 +0200)]
Rebuild po/
Matthias Andree [Wed, 5 Sep 2012 00:59:05 +0000 (02:59 +0200)]
Fix up merge.
Matthias Andree [Wed, 5 Sep 2012 00:53:54 +0000 (02:53 +0200)]
Merge branch 'legacy_63'
Conflicts:
Makefile.am
NEWS
conf.c
configure.ac
contrib/rawlog.patch
fetchmail-SA-2011-01.txt
fetchmail.man
fm_md5.h
kerberos.c
socket.c
socket.h
Matthias Andree [Tue, 4 Sep 2012 20:55:55 +0000 (22:55 +0200)]
fix another typo, point one URL to CVE.
Matthias Andree [Tue, 4 Sep 2012 20:49:42 +0000 (22:49 +0200)]
Fix typo in CVE URLs that rendered two new links useless.
Matthias Andree [Mon, 3 Sep 2012 21:12:39 +0000 (23:12 +0200)]
Obsoletion warning.
Matthias Andree [Mon, 3 Sep 2012 21:08:53 +0000 (23:08 +0200)]
Mention Alexander's fix for -f - with --plugin.
Alexander Zangerl [Mon, 3 Sep 2012 21:07:47 +0000 (23:07 +0200)]
Fix: combination of --plugin and -f - fails
scenario: you want to remote-control fetchmail, but you don't want to write
passwords into files, so you feed fetchmail a minimal rcfile via stdin with -f
-. this by itself works fine. if you also want or need to use a --plugin (eg.
socat for socks), then things fail badly: the plugin is run without a stdin fd,
hence can't take input from fetchmail, lots of fun ensues. plugins without -f
- work fine, it's just the combination that fails.
explanation: the root cause is rcfile_y.y, line 493, which closes whatever fd
carried the rcfile. with -f - this closes fetchmail's stdin - and so far that's
unproblematic. however, in socket.c lines 166ff things go wrong: fetchmail
sets up the plugin with a socketpair, which will likely include the first
unused fd - and fd zero is now indeed unused. in line 180ff a dup2 replumbing
from "that fd" (=zero) to zero is performed - and then "that fd" is closed.
and hey presto, we've got no fd zero = stdin for the plugin.
solution: the simplest solution (patch attached) is to make the fclose of the
rcfile conditional, ie. don't close if it's stdin. in the long run the
dup2+close code might be made more robust by not doing a dup2+close if fd[0] is
already 0 or 1.
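The descriptor reuse described in the commit message above, reproduced as an added example (not fetchmail's code and not part of the commit). The function names are hypothetical, the plugin child is modelled with a plain fork(), and `rcfile_on_stdin` stands for running with -f - so that fd 0 is closed before the socketpair is created.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* dup2+close as the commit message describes it: only correct when fd > 1. */
static void plumb_naive(int fd) {
    dup2(fd, 0);                 /* no-op when fd is already 0 */
    dup2(fd, 1);
    close(fd);                   /* when fd == 0 this closes the plugin's stdin */
}

/* The more robust variant the message suggests: skip dup2/close for 0 and 1. */
static void plumb_robust(int fd) {
    if (fd != 0) dup2(fd, 0);
    if (fd != 1) dup2(fd, 1);
    if (fd > 1) close(fd);
}

/* Returns 1 if the simulated plugin child ends up with an open fd 0,
 * 0 if it does not, -1 on setup failure. */
int plugin_has_stdin(int rcfile_on_stdin, int robust) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int fds[2];
        if (fcntl(0, F_GETFD) == -1)          /* make sure we start with a stdin */
            (void)open("/dev/null", O_RDONLY);
        if (rcfile_on_stdin) close(0);        /* parser closes the rcfile stream */
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) == -1) _exit(2);
        close(fds[1]);                        /* parent's end of the pair */
        if (robust) plumb_robust(fds[0]); else plumb_naive(fds[0]);
        _exit(fcntl(0, F_GETFD) == -1 ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) > 1 ? -1 : WEXITSTATUS(status) == 0;
}

int main(void) {
    printf("rcfile from file, naive : stdin=%d\n", plugin_has_stdin(0, 0));
    printf("rcfile on stdin,  naive : stdin=%d\n", plugin_has_stdin(1, 0));
    printf("rcfile on stdin,  robust: stdin=%d\n", plugin_has_stdin(1, 1));
    return 0;
}
```

The first case also models the committed fix: when stdin is left open, the socketpair gets descriptors above 2 and the naive dup2+close is harmless.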
Matthias Andree [Mon, 3 Sep 2012 21:05:37 +0000 (23:05 +0200)]
Note Earl's regression fix for SSL_CTX_clear_options() on older OpenSSL.
Earl Chew [Mon, 3 Sep 2012 21:04:08 +0000 (23:04 +0200)]
Clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS without SSL_CTX_clear_options()
A patch to clear SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS was added recently:
http://gitorious.org/fetchmail/fetchmail/commit/48809c5b9f6c9081f4031fa938dd63b060c18a4b?format=patch
Older implementations of OpenSSL do not support SSL_CTX_clear_options().
This patch reworks the previous change to avoid the use of
SSL_CTX_clear_options() and instead clears the corresponding bit in
SSL_OP_ALL before calling SSL_CTX_set_options().
Matthias Andree [Thu, 30 Aug 2012 06:17:53 +0000 (08:17 +0200)]
Update security info on web site.
Matthias Andree [Wed, 29 Aug 2012 23:03:08 +0000 (01:03 +0200)]
Update copyright and SecAnn' version.
Matthias Andree [Wed, 29 Aug 2012 21:36:40 +0000 (23:36 +0200)]
Update.
Matthias Andree [Wed, 29 Aug 2012 21:24:14 +0000 (23:24 +0200)]
Get ready for 6.3.22 release.
Matthias Andree [Mon, 20 Aug 2012 18:40:14 +0000 (20:40 +0200)]
Update translations and NEWS.
Matthias Andree [Fri, 17 Aug 2012 16:23:54 +0000 (18:23 +0200)]
Warn if SSL is disabled, suggest --with-ssl.
Matthias Andree [Fri, 17 Aug 2012 16:15:02 +0000 (18:15 +0200)]
Fix installation when PYTHON is enabled.
The Python-related Makefile.am parts were simplified to avoid an
automake 1.11.X bug around noinst_PYTHON, Automake Bug #10995.
http://lists.gnu.org/archive/html/automake-patches/2012-03/txtbYNp7SPawU.txt
Matthias Andree [Wed, 15 Aug 2012 21:41:03 +0000 (23:41 +0200)]
GSSAPI build fix.
The GSSAPI-related autoconf code now matches gssapi.c better, and uses
a different check to look for GSS_C_NT_HOSTBASED_SERVICE.
This fixes the GSSAPI-enabled build on NetBSD 6 Beta.
Matthias Andree [Wed, 15 Aug 2012 20:12:44 +0000 (22:12 +0200)]
Update translations.
Matthias Andree [Tue, 14 Aug 2012 23:19:47 +0000 (01:19 +0200)]
Correct title/topic, remove dates (6.3.22 isn't out yet), and re-sign.
Matthias Andree [Tue, 14 Aug 2012 20:53:04 +0000 (22:53 +0200)]
Fix compiler warnings.
Matthias Andree [Tue, 14 Aug 2012 20:52:46 +0000 (22:52 +0200)]
Fix compiler aliasing warning.
Matthias Andree [Tue, 14 Aug 2012 20:38:55 +0000 (22:38 +0200)]
Fix length argument to memset().
Matthias Andree [Tue, 14 Aug 2012 18:47:22 +0000 (20:47 +0200)]
Validate NTLM challenge fields.
This is to avoid reading from bad locations, and possibly conveying
confidential data. Credit to Nico Golde.
Matthias Andree [Tue, 14 Aug 2012 05:46:22 +0000 (07:46 +0200)]
Add CVE-Id and sign.
Matthias Andree [Mon, 13 Aug 2012 20:05:52 +0000 (22:05 +0200)]
reword
Matthias Andree [Mon, 13 Aug 2012 20:04:34 +0000 (22:04 +0200)]
Add new Swedish translation, by Göran Uddeborg.
Matthias Andree [Mon, 13 Aug 2012 19:27:37 +0000 (21:27 +0200)]
Fix advisory no. in header.
Matthias Andree [Mon, 13 Aug 2012 19:25:34 +0000 (21:25 +0200)]
Reformat, inserting blank line.
Matthias Andree [Mon, 13 Aug 2012 19:23:41 +0000 (21:23 +0200)]
Document fix for NTLM crash, + Security advisory (draft).
Matthias Andree [Mon, 13 Aug 2012 19:05:23 +0000 (21:05 +0200)]
Update German translation.
Matthias Andree [Mon, 13 Aug 2012 18:48:12 +0000 (20:48 +0200)]
Fix crash: Handle invalid base64 in NTLM challenge.
Some servers, for instance the MS Exchange servers deployed by the
US-American National Aeronautics and Space Administration (NASA),
aborted the NTLM protocol exchange after receiving the initial request.
Fetchmail did not detect that there was an error message, rather than
NTLM protocol exchange, and caught a segmentation fault while reading
from a bad location.
Detect base64 decoding errors, and return PS_AUTHFAIL in this case.
Reported by J[ames] Porter Clark.
Matthias Andree [Thu, 2 Aug 2012 18:35:32 +0000 (20:35 +0200)]
Document license change in CHANGES.
Matthias Andree [Thu, 2 Aug 2012 16:59:44 +0000 (18:59 +0200)]
Add preconnect/postconnect interface PS_SYNTAX -> PS_ERROR.
Matthias Andree [Sun, 24 Jun 2012 13:45:44 +0000 (15:45 +0200)]
Feature request: other finger print algorithms than MD5 (by grarpamp).
Matthias Andree [Thu, 31 May 2012 23:02:28 +0000 (01:02 +0200)]
Add one TODO item.
Matthias Andree [Sat, 26 May 2012 01:27:46 +0000 (03:27 +0200)]
State that we don't want to access internal OpenSSL structures.
Requires OpenSSL 1.0.1, but compatible with older releases, too.
Matthias Andree [Thu, 31 May 2012 06:47:20 +0000 (08:47 +0200)]
Properly erase MD5Context in MD5Final.
Found by clang.
Matthias Andree [Thu, 31 May 2012 06:47:20 +0000 (08:47 +0200)]
Properly erase MD5Context in MD5Final.
Found by clang.
Matthias Andree [Tue, 15 May 2012 06:45:46 +0000 (08:45 +0200)]
Mention cherry-pick.
Sunil Shetye [Wed, 9 May 2012 08:10:12 +0000 (13:40 +0530)]
fetchmail workaround for a bug in Microsoft Exchange
treat missing header in response to a FETCH command as a transient error
(Reported by John Connett)
if there are too many transient errors, log it.
Sunil Shetye [Wed, 9 May 2012 08:10:12 +0000 (13:40 +0530)]
fetchmail workaround for a bug in Microsoft Exchange
treat missing header in response to a FETCH command as a transient error
(Reported by John Connett)
if there are too many transient errors, log it.
Matthias Andree [Fri, 6 Apr 2012 21:39:56 +0000 (23:39 +0200)]
Relicense security/errata notices as CC BY-ND 3.0.
Removing the NC/noncommercial clause, to ease redistribution.
Matthias Andree [Fri, 6 Apr 2012 21:20:34 +0000 (23:20 +0200)]
Add fetchmail-SA-2012-01.txt.
Matthias Andree [Fri, 6 Apr 2012 19:34:18 +0000 (21:34 +0200)]
Bump version to 6.3.22.
Matthias Andree [Fri, 6 Apr 2012 19:31:53 +0000 (21:31 +0200)]
Fix CVE-2011-3389 by clearing SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS...
...from SSL options, unless FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE
is a non-empty environment variable.
Suggested by Apple.
Matthias Andree [Sun, 1 Apr 2012 13:33:49 +0000 (15:33 +0200)]
Validate XHTML 1.0 stuff even when skipping 1.1.
Matthias Andree [Sun, 1 Apr 2012 13:33:49 +0000 (15:33 +0200)]
Validate XHTML 1.0 stuff even when skipping 1.1.
Matthias Andree [Tue, 22 Nov 2011 00:47:29 +0000 (01:47 +0100)]
Mention Zimbra FETCH () workaround by Mikulas Patocka
Mikulas Patocka [Fri, 18 Nov 2011 23:43:11 +0000 (18:43 -0500)]
fetchmail workaround for a bug in Zimbra
Zimbra occasionally returns this response:
fetchmail: IMAP> A0007 FETCH 1 RFC822.HEADER
fetchmail: IMAP< * 1 FETCH ()
fetchmail: IMAP< A0007 OK FETCH completed
It happens when there is a corrupted message without a header in the
database. (I don't know how this message could be created, I just see it
there).
When fetchmail encounters such a response, it gives up and disconnects.
This patch changes it so that PS_TRANSIENT is returned in this
case and fetchmail continues to fetch following messages correctly.
Matthias Andree [Tue, 25 Oct 2011 22:30:32 +0000 (00:30 +0200)]
Fix build on SSLv2-disabled OpenSSL setups
On systems where SSLv2_client_method isn't defined in OpenSSL (such as newer
Debian, and Ubuntu starting with 11.10 oneiric ocelot), don't reference it (to
fix the build) and print a run-time error that the OS does not support SSLv2.
Fixes Debian Bug #622054, but note that that bug report has a more thorough
patch that does away with SSLv2 altogether.
Matthias Andree [Tue, 27 Sep 2011 10:04:37 +0000 (12:04 +0200)]
Disable SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.
Note: this can cause compilation issues on outdated OpenSSL versions.
In such situations, use a newer OpenSSL version.
Matthias Andree [Tue, 6 Sep 2011 19:10:38 +0000 (21:10 +0200)]
Mention that user@server must be unique.
Matthias Andree [Tue, 6 Sep 2011 19:08:16 +0000 (21:08 +0200)]
Add items.
Matthias Andree [Tue, 30 Aug 2011 16:15:15 +0000 (18:15 +0200)]
Print Server certificate: banner on stdout rather than stderr.
Reported by Henry Jensen, fixes Debian Bug #639807.
Matthias Andree [Sun, 21 Aug 2011 13:07:48 +0000 (15:07 +0200)]
Critical fix: don't embed NUL in unterminated last IMAP line.
Found by Antoine Levitt.
Matthias Andree [Tue, 30 Aug 2011 16:15:15 +0000 (18:15 +0200)]
Print Server certificate: banner on stdout rather than stderr.
Reported by Henry Jensen, fixes Debian Bug #639807.
Matthias Andree [Fri, 26 Aug 2011 09:23:48 +0000 (11:23 +0200)]
Fixup last patch from Thomas, return void rather than NULL.
Thomas Jarosch [Fri, 26 Aug 2011 08:07:03 +0000 (10:07 +0200)]
Protect against possible NULL pointer
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Thomas Jarosch [Fri, 26 Aug 2011 07:58:14 +0000 (09:58 +0200)]
Remove unused variable
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Thomas Jarosch [Fri, 26 Aug 2011 07:57:08 +0000 (09:57 +0200)]
Fix small memory leak on error
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Matthias Andree [Sun, 21 Aug 2011 14:18:42 +0000 (16:18 +0200)]
Mention need to forward-port NUL-injection fix from 6.3.21.
Matthias Andree [Sun, 21 Aug 2011 13:49:42 +0000 (15:49 +0200)]
Update website for 6.3.21.
Matthias Andree [Sun, 21 Aug 2011 13:16:27 +0000 (15:16 +0200)]
Import translations.
Matthias Andree [Sun, 21 Aug 2011 13:14:42 +0000 (15:14 +0200)]
Bump version to 6.3.21, mark release date.
Matthias Andree [Sun, 21 Aug 2011 09:55:05 +0000 (11:55 +0200)]
Mention rawlog.patch in NEWS.
Matthias Andree [Sun, 21 Aug 2011 13:08:54 +0000 (15:08 +0200)]
Drop obsolete file TODO-6.3.20.
Matthias Andree [Sun, 21 Aug 2011 13:07:48 +0000 (15:07 +0200)]
Critical fix: don't embed NUL in unterminated last IMAP line.
Found by Antoine Levitt.
Matthias Andree [Mon, 6 Jun 2011 22:26:37 +0000 (00:26 +0200)]
Revert SO_???TIMEO-based STARTTLS timeout handling.
This reverts commits
47c05b10018f5ec7493e4bd9f521aaa18d96f1e2
and
72ce8bce8dd655b6aefa33d0a74e883dad5202b5, the code isn't portable,
for instance, Solaris does not support SO_RCVTIMEO/SO_SNDTIMEO.
These socket-level options are known, but Solaris returns EAFNOSUPPORT.
Reported by Jonathan Buschmann.
Conflicts:
NEWS
socket.c
Matthias Andree [Sun, 21 Aug 2011 09:55:05 +0000 (11:55 +0200)]
Add rawlog.patch.
Matthias Andree [Tue, 16 Aug 2011 15:37:09 +0000 (17:37 +0200)]
Drop vendor-sec@lst.de, defunct.
Matthias Andree [Tue, 16 Aug 2011 15:37:09 +0000 (17:37 +0200)]
Drop vendor-sec@lst.de, defunct.
Matthias Andree [Tue, 16 Aug 2011 13:52:44 +0000 (15:52 +0200)]
Enable SSL by default.
Matthias Andree [Fri, 12 Aug 2011 07:54:46 +0000 (09:54 +0200)]
Mention Debian Bug fix 345788 (we always use POP3 UIDL).
Matthias Andree [Fri, 12 Aug 2011 07:53:31 +0000 (09:53 +0200)]
Detect single quotes in MDA % expansions and refuse delivery.
Fixes Debian Bug#347909.
Matthias Andree [Fri, 5 Aug 2011 21:57:30 +0000 (23:57 +0200)]
Update TODO.
Thomas Jarosch [Tue, 2 Aug 2011 11:22:55 +0000 (13:22 +0200)]
Remove redundant double A_OTP check.
Matthias Andree [Sat, 2 Jul 2011 22:05:23 +0000 (00:05 +0200)]
Update TODO.
Matthias Andree [Wed, 22 Jun 2011 22:09:37 +0000 (00:09 +0200)]
Doxygen cleanups.
Matthias Andree [Wed, 22 Jun 2011 21:35:44 +0000 (23:35 +0200)]
No longer search for trio documentation.
Matthias Andree [Wed, 22 Jun 2011 18:31:48 +0000 (20:31 +0200)]
Make P_* and A_* proto/auth macros enums.
Matthias Andree [Wed, 22 Jun 2011 18:18:40 +0000 (20:18 +0200)]
Update version to 7.0.0-alpha2, and update TODO.
Matthias Andree [Wed, 22 Jun 2011 18:07:07 +0000 (20:07 +0200)]
Make APOP an authenticator, rather than a protocol.
Incidentally also offers cram-md5 as authenticator in fetchmailconf.
Matthias Andree [Wed, 22 Jun 2011 18:08:32 +0000 (20:08 +0200)]
Remove dead waiting code.
Matthias Andree [Wed, 22 Jun 2011 18:08:14 +0000 (20:08 +0200)]
Assorted fetchmailconf fixes and cleanups
- fix syntax error around ServerDefaults.dns
- mention Lotus Domino MIME was broken until 5.0.2 (not 4.6.2a)
- Remove IMAP2bis help text. No longer supported.
Matthias Andree [Wed, 22 Jun 2011 16:31:40 +0000 (18:31 +0200)]
Mention Exchange 2003 SP2 mime boundary trashing.
Matthias Andree [Mon, 20 Jun 2011 23:00:41 +0000 (01:00 +0200)]
Update TODO-6.4.
Matthias Andree [Sun, 19 Jun 2011 19:48:45 +0000 (21:48 +0200)]
Fixup leftover from SockTimeout removal.
Matthias Andree [Sun, 19 Jun 2011 18:30:25 +0000 (20:30 +0200)]
Note that some moldy stuff from contrib/ got removed.
Matthias Andree [Sun, 19 Jun 2011 18:27:45 +0000 (20:27 +0200)]
Remove zsh-completion. Way outdated.
Matthias Andree [Sun, 19 Jun 2011 18:27:08 +0000 (20:27 +0200)]
Remove toprocmail, which does not check for errors properly.
Matthias Andree [Sun, 19 Jun 2011 18:24:45 +0000 (20:24 +0200)]
Remove start_dynamic_ppp, a script that encourages unsafe practices.
Matthias Andree [Sun, 19 Jun 2011 18:23:42 +0000 (20:23 +0200)]
Remove sm-hybrid, outdated: sendmail is way past release 8.11.0.
Matthias Andree [Sun, 19 Jun 2011 18:22:55 +0000 (20:22 +0200)]
Remove redhat_rc, this is up to the distributors, and Fedora uses systemd these days anyways.
Matthias Andree [Sun, 19 Jun 2011 18:22:01 +0000 (20:22 +0200)]
Remove preauth-harness, non-SSL-aware.
Matthias Andree [Sun, 19 Jun 2011 18:20:58 +0000 (20:20 +0200)]
Remove poptest, underdocumented, non-SSL-aware.
Matthias Andree [Sun, 19 Jun 2011 18:18:41 +0000 (20:18 +0200)]
Remove multidrop, a dangerous workaround for broken upstream multidrop setups.
Matthias Andree [Sun, 19 Jun 2011 18:12:30 +0000 (20:12 +0200)]
Remove getfetchmail*, outdated.
Matthias Andree [Sun, 19 Jun 2011 18:11:13 +0000 (20:11 +0200)]
Remove fetchspool, a software working around configuration errors.
People should fix their MTA configuration instead.
Matthias Andree [Sun, 19 Jun 2011 18:09:38 +0000 (20:09 +0200)]
Remove fetchmaildistrib. Makes undocumented assumptions about /etc/fetchmailrc layout.